Life in and around Carson City, Nevada

That copier hard drive: Your weakest link

You’ve given your servers the best security available. You’ve protected the networked PCs against viruses. You’ve protected your e-mail system. But for most companies, there’s one big inviting target that you may not even know exists.

Hard disk drives have been a standard part of mid-range to high-level copiers for about five years. They have various uses, including saving frequently printed forms and guides, storing digitized incoming faxes, and securing print jobs until you actually get to the machine and identify yourself with a password or biometric.

But the main function is that they make a temporary save of incoming prints and copies before putting toner on paper.It used to be that a hard disk drive was an expensive add-on. More and more, it’s becoming standard equipment, especially on the faster copier-multifunctional. And there are tools for protecting that data. First there are so-called “disk scrubbing” utilities that systematically remove any temporary data stored on the disk so that even the smartest cyber thief can’t find a trace of it. Then there are data encryption utilities that allow you to scramble the files that you do store.

But here’s the rub most copier companies charge you hundreds of dollars extra for those tools. Therefore, they become an afterthought, an added expense that seems like a last-minute sales trick. Here we blame the copier companies the security tools should be shipped along with any hard disk, not presented as an extra that a non-tech savvy purchasing agent sees no need for.

The reality is many unprotected hard disks are brimming with confidential data, as shown in a recent Toronto Star article.

As one security expert points out, these unprotected copiers are open to outsiders. “Any web-savvy, techno-whiz kid could easily access the hard drive, or send all scans to e-mail or, if they have the password, retrieve copies of confidential documents by simply hooking their laptop up to the copier.”

In fact, the Toronto Star reporter got a demo on how easy it is to target copiers anywhere in the world from the comfort of home. “The activity of photocopiers linked to an unsecured network can be seen and tracked online. With a few clicks of a mouse, and no knowledge of how to hack, we could see the latest activity of a photocopier in Korea, which included copies of invoices and employee expenses.”